From 974e63d07f92c3042211249f58e738a665ac173f Mon Sep 17 00:00:00 2001
From: Thomas Lively
Date: Wed, 14 Dec 2022 12:13:54 -0600
Subject: Fix OOB string_view read in generated parser code (#5349)
The `op` string_view was intentionally created to point into the `buf` buffer so that reading past its end would still be safe, but some C++ standard library implementations assert when reading past the end of a string_view. Change the generated code to read out of `buf` instead to avoid those assertions.
Fixes #5322.
Fixes #5342.
---
 scripts/gen-s-parser.py | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
(limited to 'scripts')
diff --git a/scripts/gen-s-parser.py b/scripts/gen-s-parser.py
index 349f93362..0874d3218 100755
--- a/scripts/gen-s-parser.py
+++ b/scripts/gen-s-parser.py
@@ -716,16 +716,14 @@ def instruction_parser(new_parser=False):
 printer = CodePrinter()
- printer.print_line("char buf[{}] = {{}};".format(inst_length + 1))
-
 if new_parser:
- printer.print_line("auto str = *keyword;")
+ printer.print_line("auto op = *keyword;")
 else:
 printer.print_line("using namespace std::string_view_literals;")
- printer.print_line("auto str = s[0]->str().str;")
+ printer.print_line("auto op = s[0]->str().str;")
- printer.print_line("memcpy(buf, str.data(), str.size());")
- printer.print_line("std::string_view op = {buf, str.size()};")
+ printer.print_line("char buf[{}] = {{}};".format(inst_length + 1))
+ printer.print_line("memcpy(buf, op.data(), op.size());")
 def print_leaf(expr, inst):
 if new_parser:
@@ -744,7 +742,7 @@ def instruction_parser(new_parser=False):
 def emit(node, idx=0):
 assert node.children
- printer.print_line("switch (op[{}]) {{".format(idx))
+ printer.print_line("switch (buf[{}]) {{".format(idx))
 with printer.indent():
 if node.expr:
 printer.print_line("case '\\0':")
-- cgit v1.2.3
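Review bot: The generated `memcpy(buf, op.data(), op.size());` copies as many bytes as the input keyword holds into a stack buffer fixed at `inst_length + 1`, and nothing in this hunk emits a length check before it. Unless the token length is bounded somewhere outside the hunk, a keyword longer than the longest known instruction would write past the end of `buf`, and that keyword comes from the text being parsed. I would emit a guard ahead of the copy, e.g. `printer.print_line("if (op.size() >= sizeof(buf)) { /* take the parser's existing error path */ }")`, with the body filled in by whatever failure path the generated function already uses. instruction_parser starts before the hunk and continues after it, so an existing check may simply not be visible here.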
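Review bot: Nothing at the `switch (buf[{}])` emission in `emit` records why the generated code indexes `buf` rather than `op`, which makes it easy for a later cleanup to switch back and reintroduce the out-of-range string_view read this commit removes. A short comment above the `print_line` call would keep the invariant visible: `# Index buf, not op: buf is zero-filled and one byte longer than the longest instruction, so a read past the keyword's end yields '\0'.` That wording assumes idx never exceeds the longest instruction length, which the hunk does not show. emit's body continues past the end of the hunk.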